Kubeconfig files store parameters and credentials that Kubernetes clients use to connect to and authenticate with clusters. This topic describes how to manage kubeconfig files.
Operations
Container Service for Kubernetes (ACK) signs and issues kubeconfig credentials containing identity information to Alibaba Cloud accounts, Resource Access Management (RAM) users, or RAM roles. These credentials are used to connect to clusters. The following table describes the operations that you can perform on kubeconfig files in different scenarios.
Based on the shared responsibility model, you are responsible for maintaining the kubeconfig credentials. Ensure that the credentials are available and valid to prevent security risks from credential leaks.
Operation | Description | References |
Obtain a kubeconfig file | Obtain a kubeconfig file to connect to a cluster over the Internet or an internal-facing network. To reduce security risks, use a temporary kubeconfig file. | Obtain a cluster kubeconfig and connect to the cluster using kubectl |
Revoke a kubeconfig file | Revoking a kubeconfig file invalidates the credentials of the RAM user or role. A new kubeconfig file and authorization binding are then generated. | |
Purge a kubeconfig file | | |
Recover a kubeconfig file | Use the kubeconfig recycle bin to recover only the kubeconfig files that were purged within the last 30 days. | |